Rouault

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue is related to a NULL pointer dereference flaw in the `LZWDecode()` function, located in the `libtiff/tif lzw.c` file. This flaw can be exploited by a local attacker who crafts specific input data, causing the program to dereference a NULL pointer when decompressing a TIFF format file. The result of this exploitation can be a program crash or denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MapServer versions prior to 6.4.1 **Description** The issue is related to a SQL injection vulnerability in the `msPostGISLayerSetTimeFilter` function when a WMS-Time service is used. This allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. **Recommendations** For versions prior to 6.4.1, update to version 6.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the WMS-Time service until the update is applied.